Okta works with Shape Security’s Enterprise Defense to detect and deflect automated attacks before they reach your websites, mobile applications, and APIs. The combination proactively mitigates the risk of credential stuffing and automated fake account creation. The Shape solution collects incoming login traffic, before login, and makes real-time, analytics-driven decisions on whether the login attempt is fraudulent, bot-based traffic that should be automatically blocked, or legitimate traffic that’s worth evaluating. This filtered traffic is passed on to Okta, which evaluates the login attempts and grants individuals access based on contextual policies.
- Bot-driven imitation attacks like credential-stuffing—where cyberthieves test millions of stolen passwords against your system—can account for a significant portion of login traffic
- This unwanted activity presents a constant threat to security, requires teams to spend valuable time fending off attacks, and impacts the bottom line via increased fraud
- All this fake traffic, and the measures security teams take to counteract it, can mean extra hurdles for legitimate end users and developers trying to access their applications
Okta’s best-of-breed identity solution works with Shape Security’s Enterprise Defense to detect and deflect automated attacks before they reach your websites, mobile applications, and APIs
The combination proactively mitigates the risk of credential stuffing and automated fake account creation, keeping enterprise assets safe and reducing hours of remediation time and customer support
Adaptive software informed by deep learning assesses login traffic before login begins, keeping the process seamless and invisible to authorized users—no new security hurdles
Safeguard your customers from unauthorized logins
Okta’s authentication solutions, including Contextual Access Management and Multi-Factor Authentication (MFA), work together with Shape’s Enterprise Defense solution to protect your websites, mobile apps, and APIs automatically and simultaneously. In addition, the best-of-breed security technologies are easy for security teams to deploy and for authorized end users to navigate.
Deflect hostile traffic with a double layer of defense
The Shape solution collects incoming login traffic, before login, and makes real-time, analytics-driven decisions on whether the login attempt is fraudulent, bot-based traffic that should be automatically blocked, or legitimate traffic that’s worth evaluating. This filtered traffic is passed on to Okta, which evaluates the login attempts and grants individuals access based on contextual policies.
Upgrade your security posture to one that adapts as attacks evolve
Shape’s solution uses supervised and unsupervised deep learning methods to detect attackers’ techniques as they evolve and then autonomously deploy appropriate countermeasures. In addition, as soon as a new attack technique is observed on one Shape customer, all other Shape customers are immediately protected from it. And Okta’s Adaptive MFA allows for dynamic policy changes and step-up authentication in response to changes in user and device behavior, location, or other contexts, helping you stay secure as risk levels change.
Thwart credential-stuffing and other imitation attacks at the door, before they endanger enterprise assets
- Deny automated credential-based attacks across your entire ecosystem (websites, mobile applications, and APIs)
- Block cyber criminals from taking over legitimate accounts or establishing fake ones
- Deter future attacks with an evolving, machine-learning-based, cloud-first holistic security solution
- Provide easy access that safely lets in authorized users, while protecting apps and assets across the enterprise
- OIDC: OpenID Connect is an extension to the OAuth standard that provides for exchanging authentication data between an identity provider (IdP) and a service provider (SP) and does not require credentials to be passed from the identity provider to the application.
- SAML: Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP) that does not require credentials to be passed to the service provider.
- SWA: Secure Web Authentication is a Single Sign-On (SSO) system developed by Okta to provide SSO for apps that don't support proprietary federated sign-on methods, SAML or OIDC.
- Attribute Sourcing
- Create: Creates or links a user in the application when assigning the app to a user in Okta.
- Update: Okta updates a user's attributes in the app when the app is assigned. Future attribute changes made to the Okta user profile will automatically overwrite the corresponding attribute value in the app.
- Deactivate: Deactivates a user's account in the app when it is unassigned in Okta or their Okta account is deactivated. Accounts can be reactivated if the app is reassigned to a user in Okta.
- Sync Password: Push either the user's Okta password or a randomly generated password to the app. This feature is not required for all federated applications, as user authentication takes place in Okta; however, some apps still require a password.
- Group Push: Push existing Okta groups and their memberships to the application. Groups can then be managed in Okta and changes are reflected in the application.
- Group Linking: Link Okta groups to existing groups in the application. Simplifies onboarding an app for Okta provisioning where the app already has groups configured.
- Schema Discovery: Import the user attribute schema from the application and reflect it in the Okta app user profile. Allows Okta to use custom attributes you have configured in the application that were not included in the basic app schema.
- Attribute Mastering: The application can be defined as the source of truth for a full user profile or as the source of truth for specific attributes on a user profile.
- Attribute Writeback: When the application is used as a profile master, it is possible to define specific attributes to be sourced from another location and written back to the app. For example, the user profile may come from Active Directory with the phone number sourced from another app and written back to Active Directory.